Is your fitness app secure?

June 20, 2018 | Authentication, Lifestyle, Identities

While Oliver was jogging down the track and paused to adjust his sneakers, little did he know that the fitness app he had installed on his smartphone to monitor his heartbeat was being accessed unlawfully by some malefactor. This has happened to thousands of Olivers, due to a security gap at the fitness app service provider, which leaked the personal data of millions of health enthusiasts.

This latest data compromise incident happened at a company whose app allows subscribers to suggest and discover new workout techniques, record their results, and receive advice and coaching for better health. The compromised data includes the user's app bio, workout and activity goals, profile photos, and even the rating the user gave the app. The incident also exposed health information submitted by the user.

Every time someone sent a message to another user, the app exposed user profile data and private information. The exposed data includes personal details such as email addresses, dates of birth, the user's location, time zone and even gender. As a result, this vulnerable data became an easy and obvious target for cyber crooks.

Access control and password management are two crucial factors in today's digitized world. They ensure that there is no tampering with the server. In the case of IoT devices, most threats can be kept at bay if there is robust security supervision of the secret cloud server. There is a constant threat to information security and data privacy. How difficult is it to imagine a hacker intruding into someone's database and subverting all the vital health-related and other personal information?

In this context, the situation closely resembles what happens in modern enterprise security. Unauthorized access and inadequate password management are the big challenges organizations combat today. Every year billions of dollars are lost due to various incidents of data breach, system hacks, phishing and other malicious activities around privileged accounts and identities. This happens because user activities usually go unmonitored, and the principle of least privilege and access rules based on 'need-to-know' or 'need-to-do' are often overlooked.

Lastly, fitness apps provide a holistic approach to better manage our lifestyle. Security-related concerns make them vulnerable, but proper identity and access control management, which helps block unauthorized access, can substantially control and manage risks.